
Configuration steps for JavaScript Web Client on Secure Login Server

asif_rahmetulla
Participant

Hello all,

We are trying to configure the JavaScript Web Client so that it can redirect to a web service in the backend SAP system after getting authenticated and issued an X.509 certificate using Secure Login.

The steps described in the section "Providing X.509 Certificates to Secure Login Client Using JavaScript Web Client | SAP Help Portal" of the SAP Single Sign-On implementation guide were followed; however, we are looking for a blog that would describe the configuration steps clearly.

Appreciate your assistance.

Regards,

Asif

asif_rahmetulla
Participant
0 Kudos

Hello all,

Adding to the comments to clarify what is needed:

We are looking for a sample configuration with the necessary authentication profiles and user profile group needed for setting up the JavaScript Web Client to access the backend system using a web browser.

As per the Single Sign-On 3.0 implementation guide, we have set up a couple of authentication profiles and a dedicated user profile group as follows:

1- Web Adapter Profile with type "Web Adapter Profile" as described in https://help.sap.com/docs/SAP_SINGLE_SIGN-ON/df185fd53bb645b1bd99284ee4e4a750/c6bedaedd5664216b4cacd...

2- Local Security Hub Profile as described in https://help.sap.com/docs/SAP_SINGLE_SIGN-ON/df185fd53bb645b1bd99284ee4e4a750/4d5868ea250a497b9cf26f...

3- Secure Login Web Client Profile

a) In "Authentication Configuration" tab, selected "Java Script Web Client" as Authentication Form and using LDAP authentication for login policy configuration in order for the Web Client Profile to initiate authentication

b) For "Certificate management" tab, selected "User Sub CA" as the CA for issuing certificate

c) For "Enrollment configuration" tab, provided the URL to redirect as "https://FQDN_backendhost/sap/bc/gui/sap/<web_service_name>" and used "Web Adapter" & "Local Security Hub" in the Web Adapter Configuration

4- Created a user profile group containing the "Local Security Hub" and "Web Adapter" profiles. In the Web Adapter profile we referenced the JavaScript Web Client profile for SAPGUI initiated browser SSO. However, not sure if this was required.

5- We downloaded the user profile group on the Secure Login Client and tested the web client as follows:

a) In the Secure Login Client, double-click on the Web Adapter profile

b) Get prompted for user / password by the SAP Single Sign-On. After entering the credentials we do see the message "creating certificate" and then the "key successfully imported" message, and the page gets redirected to the URL provided in the JavaScript Web Client profile.

However, we get prompted again for user / password by the backend system to access the web service.

Questions:

a) We are unable to add the "Secure Login Web Client" authentication profile to this user profile group. How can we have the Secure Login Web Client authentication profile added to the user profile group so that it is available on the Secure Login Client?

b) We would appreciate a sample configuration that we can reference for enabling Secure Login Web Client (with web adapter mode) to allow browser-based access to the backend system using SAP SSO.

Regards,

Asif

asif_rahmetulla
Participant
0 Kudos

Hello Tobias,

Thank you for the detailed explanation! We followed your recommendation as suggested but are still getting prompted for credentials by the backend system.

Questions:

1- Is there a way we can troubleshoot what could be causing this to not work?

Other observations:

1- We are using Microsoft Edge as the browser and getting prompted for credentials twice. After the first login prompt, the second authentication form reads "secure login web client". Why are there two login prompts, and is there a way we can avoid the first one? This does not happen in Chrome.

2- After the successful login, the browser shows a list of certificates to choose from for accessing the backend. Can this be suppressed so that the certificate generated by the web client profile is used automatically?

3- Will activating the parameter login/certificate_mapping_rulebased for certificate-based mapping impact any of the existing authentication for web application access via enterprise portal, etc.?

Regards,

Asif